Nx Release makes it easy to move your publishing process into your CI/CD pipeline across different package ecosystems.
General Concepts
Section titled “General Concepts”Automatically Skip Publishing Locally
Section titled “Automatically Skip Publishing Locally”When running nx release, after the version updates and changelog generation, you will be prompted with the following question:
...? Do you want to publish these versions? (y/N) ›To move publishing into an automated pipeline, you will want to skip publishing when running nx release locally. To do this automatically, use the --skip-publish flag:
...
Skipped publishing packages.Use the Publish Subcommand
Section titled “Use the Publish Subcommand”Nx Release provides a publishing subcommand that performs just the publishing step. Use this in your CI/CD pipeline to publish the packages.
NX   Running target nx-release-publish for 3 projects:
- pkg-1- pkg-2- pkg-3
...Publishing NPM Packages
Section titled “Publishing NPM Packages”Example NPM Publish Output
Section titled “Example NPM Publish Output”NX   Running target nx-release-publish for 3 projects:
- pkg-1- pkg-2- pkg-3
—————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————
> nx run pkg-1:nx-release-publish
📦  @myorg/pkg-1@0.0.2=== Tarball Contents ===
233B README.md277B package.json53B  src/index.ts61B  src/lib/pkg-1.ts=== Tarball Details ===name:          @myorg/pkg-1version:       0.0.2filename:      testorg-pkg-1-0.0.2.tgzpackage size:  531 Bunpacked size: 624 Bshasum:        {shasum}integrity:     {integrity}total files:   12
Published to https://registry.npmjs.org with tag "latest"
> nx run pkg-2:nx-release-publish
📦  @myorg/pkg-2@0.0.2=== Tarball Contents ===
233B README.md277B package.json53B  src/index.ts61B  src/lib/pkg-2.ts=== Tarball Details ===name:          @myorg/pkg-2version:       0.0.2filename:      testorg-pkg-2-0.0.2.tgzpackage size:  531 Bunpacked size: 624 Bshasum:        {shasum}integrity:     {integrity}total files:   12
Published to https://registry.npmjs.org with tag "latest"
> nx run pkg-3:nx-release-publish
📦  @myorg/pkg-3@0.0.2=== Tarball Contents ===
233B README.md277B package.json53B  src/index.ts61B  src/lib/pkg-3.ts=== Tarball Details ===name:          @myorg/pkg-3version:       0.0.2filename:      testorg-pkg-3-0.0.2.tgzpackage size:  531 Bunpacked size: 624 Bshasum:        {shasum}integrity:     {integrity}total files:   12
Published to https://registry.npmjs.org with tag "latest"
—————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————
NX   Successfully ran target nx-release-publish for 3 projectsNPM Publishing in GitHub Actions
Section titled “NPM Publishing in GitHub Actions”A common way to automate publishing NPM packages is via GitHub Actions. An example of a publish workflow is as follows:
name: Publish
on:  push:    tags:      - v*.*.*
jobs:  test:    name: Publish    runs-on: ubuntu-latest    permissions:      contents: read      id-token: write # needed for provenance data generation    timeout-minutes: 10    steps:      - name: Checkout repository        uses: actions/checkout@v4        with:          fetch-depth: 0          filter: tree:0
      - name: Install Node        uses: actions/setup-node@v4        with:          node-version: 20          registry-url: https://registry.npmjs.org/
      - name: Install dependencies        run: npm install        shell: bash
      - name: Print Environment Info        run: npx nx report        shell: bash
      - name: Publish packages        run: npx nx release publish        shell: bash        env:          NODE_AUTH_TOKEN: ${{ secrets.NPM_ACCESS_TOKEN }}          NPM_CONFIG_PROVENANCE: trueThis workflow will install node, install npm dependencies, then run nx release publish to publish the packages. It will run on every push to the repository that creates a tag that matches the pattern v*.*.*. A release process using this workflow is as follows:
- Run nx release --skip-publishlocally. This will create a commit with the version and changelog updates, then create a tag for the new version.
- Push the changes (including the new tag) to the remote repository with git push && git push --tags.
- The publish workflow will automatically trigger and publish the packages to the npm registry.
Configure the NODE_AUTH_TOKEN
Section titled “Configure the NODE_AUTH_TOKEN”The NODE_AUTH_TOKEN environment variable is needed to authenticate with the npm registry. In the above workflow, it is passed into the Publish packages step via a GitHub Secret.
Generate a NODE_AUTH_TOKEN for NPM
Section titled “Generate a NODE_AUTH_TOKEN for NPM”To generate the correct NODE_AUTH_TOKEN for the npmJS registry specifically, first login to https://www.npmjs.com/. Select your profile icon, then navigate to "Access Tokens". Generate a new Granular Access Token. Ensure that the token has read and write access to both the packages you are publishing and their organization (if applicable). Copy the generated token and add it as a secret to your GitHub repository.
Add the NODE_AUTH_TOKEN to GitHub Secrets
Section titled “Add the NODE_AUTH_TOKEN to GitHub Secrets”To add the token as a secret to your GitHub repository, navigate to your repository, then select "Settings" > "Secrets and Variables" > "Actions". Add a new Repository Secret with the name NPM_ACCESS_TOKEN and the value of the token you generated in the previous step.
Note: The NPM_ACCESS_TOKEN name is not important other than that it matches the usage in the workflow:
- name: Publish packages  run: npx nx release publish  shell: bash  env:    NODE_AUTH_TOKEN: ${{ secrets.NPM_ACCESS_TOKEN }}    NPM_CONFIG_PROVENANCE: trueNPM Provenance
Section titled “NPM Provenance”To verify your packages with npm provenance, set the NPM_CONFIG_PROVENANCE environment variable to true in the step where nx release publish is performed. The workflow will also need the id-token: write permission to generate the provenance data:
jobs:  test:    name: Publish    runs-on: ubuntu-latest    permissions:      contents: read      id-token: write # needed for provenance data generation- name: Publish packages  run: npx nx release publish  shell: bash  env:    NODE_AUTH_TOKEN: ${{ secrets.NPM_ACCESS_TOKEN }}    NPM_CONFIG_PROVENANCE: truePublishing Docker Images experimental
Section titled “Publishing Docker Images experimental”Docker support in Nx is currently experimental and may undergo breaking changes without following semantic versioning.
When using Nx Release with Docker images, the publishing process differs from npm packages.
Docker images are built with the npx nx run-many -t docker:build command, which is the default for preVersionCommand in nx.json.
You may also run the build command manually before running nx release. After the images are built, they are tagged during the versioning phase, then pushed to a registry during the publish phase.
Docker Registry Authentication
Section titled “Docker Registry Authentication”Before publishing Docker images, ensure you're authenticated with your Docker registry:
- name: Login to Docker Hub  uses: docker/login-action@v2  with:    username: ${{ secrets.DOCKER_USERNAME }}    password: ${{ secrets.DOCKER_TOKEN }}
- name: Build and tag Docker images  run: npx nx release version --dockerVersionScheme=production
- name: Publish Docker images  run: npx nx release publishFor changelogs, you can run npx nx release changelog <version> locally with the new version from the pipeline. For example, if the new version is 2501.01.be49ad6 you would run npx nx release changelog 2501.01.be49ad6. This will create or update the CHANGELOG.md files in your projects.
Using Different Registries
Section titled “Using Different Registries”Configure alternative registries in your nx.json:
{  "release": {    "docker": {      "registryUrl": "ghcr.io" // GitHub Container Registry    }  }}Example GitHub Actions Workflow for Docker
Section titled “Example GitHub Actions Workflow for Docker”name: Docker Publish
on:  push:    branches: [main]
jobs:  publish:    runs-on: ubuntu-latest    steps:      - uses: actions/checkout@v3
      - name: Setup Node.js        uses: actions/setup-node@v3        with:          node-version: 20
      - name: Install dependencies        run: npm ci
      - name: Build applications        run: npx nx run-many -t build
      - name: Login to Docker Hub        uses: docker/login-action@v2        with:          username: ${{ secrets.DOCKER_USERNAME }}          password: ${{ secrets.DOCKER_TOKEN }}
      - name: Build and tag Docker images        run: npx nx release version --dockerVersionScheme=production
      - name: Publish Docker images        run: npx nx release publish